Merge pull request #1222 from hedgedoc/fix/upgrade_insecure_requests

Fix upgradeInsecureRequests CSP directive
This commit is contained in:
David Mehren 2021-05-06 21:18:46 +02:00 committed by GitHub
commit 140b2c261c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -85,9 +85,9 @@ function getCspNonce (req, res) {
function addUpgradeUnsafeRequestsOptionTo (directives) {
if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
directives.upgradeInsecureRequests = true
directives.upgradeInsecureRequests = []
} else if (config.csp.upgradeInsecureRequests === true) {
directives.upgradeInsecureRequests = true
directives.upgradeInsecureRequests = []
}
}